Searching Kubernetes Logs Without A Logging Platform

Searching through pod logs on Kubernetes can be more challenging without a centralized logging platform like Datadog or Splunk.

Here’s how you can do it with kubectl and grep.

You can use kubectl to get logs for multiple containers by using their label:

kubectl logs -n kube-system -l k8s-app=kube-dns

To search the logs, pipe the output to grep:

kubectl logs -n kube-system -l k8s-app=kube-dns | grep -i "error"

If you would like to get a live tail and follow the logs, you can use the -f flag:

kubectl logs -f -n kube-system -l k8s-app=kube-dns

Then, you can pipe it into grep with --line-buffered for continuous output:

kubectl logs -f -n kube-system -l k8s-app=kube-dns | grep --line-buffered -i "error"

Note that there’s a default limit of 5 containers when using the follow flag -f.

You can get around this by setting --max-log-requests=<n>, where n is the number of containers you’d like to follow logs for.
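
The same search as a small script, added here as an example and not part of the original post: it adds --prefix so each match can be traced to its pod and container, and --tail=-1 because kubectl returns only the last 10 lines per container when a label selector is used. The function names, the podgrep.sh file name, the 1h default for --since and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): grep every pod behind a label
# and count the hits per pod/container.

# Constructed sample of what `kubectl logs --prefix --timestamps` emits.
sample_logs() {
  cat <<'EOF'
[pod/coredns-aaa/coredns] 2024-01-01T00:00:01Z [INFO] plugin/reload: Running configuration
[pod/coredns-aaa/coredns] 2024-01-01T00:00:02Z [ERROR] plugin/errors: 2 example.com. A: i/o timeout
[pod/coredns-bbb/coredns] 2024-01-01T00:00:03Z [ERROR] plugin/errors: 2 example.org. A: i/o timeout
[pod/coredns-aaa/coredns] 2024-01-01T00:00:04Z [error] plugin/errors: 2 example.net. A: i/o timeout
EOF
}

# Read prefixed log lines on stdin, keep case-insensitive matches of $1,
# and print "<count> [pod/<pod>/<container>]", busiest source first.
hits_per_pod() {
  grep -i -- "$1" |
    awk '{ n[$1]++ } END { for (p in n) print n[p], p }' |
    sort -k1,1nr -k2,2
}

# usage: search_pod_logs <namespace> <label-selector> <pattern> [since]
# --tail=-1 lifts the 10-lines-per-container default that applies with -l;
# --since (assumed default 1h) keeps the request bounded.
search_pod_logs() {
  kubectl logs -n "$1" -l "$2" --all-containers --prefix --timestamps \
    --tail=-1 --since="${4:-1h}" | hits_per_pod "$3"
}

# Only call the cluster when arguments are given, e.g.:
#   sh podgrep.sh kube-system k8s-app=kube-dns error 30m
if [ "$#" -ge 3 ]; then
  search_pod_logs "$@"
fi
```

A pod that accounts for most of the matches is usually the first place to look; pods with no matches are not listed.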
